Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ICMP filtering, was Re: ICANN Targets DDoS Attacks

  • From: Rafi Sadowsky
  • Date: Wed Oct 30 01:17:10 2002


## On 2002-10-29 19:55 -0600 Rob Thomas typed:

RT> 
RT> Hi, NANOGers.
RT> 
RT> ] 	ICMP?
RT> 
RT> I have my own thoughts on ICMP filtering, which you will find here:
RT> 
RT> http://www.cymru.com/Documents/icmp-messages.html
RT> 
RT> I don't claim to have correct thoughts, however, so input and suggestions
RT> are always welcome.  :)  If anyone could pick up a NANOG t-shirt for me,
RT> that would be welcome as well.  :)

Hi Rob

 I find it hard to believe You have no thoughts about:

  1) rate-limiting ICMP 

  2) passing ICMP "statefully"
 (that is for example ICMP echo reply only accepted in reply to an ICMP echo)

  3) DoS problems related to ICMP unreachables

-- 
Regards,
	Rafi

RT> 
RT> Thanks,
RT> Rob.
RT> 





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.